Owner

Current status

An initial API proposal has been sent to the gdm mailing list here. The ConsoleKit part has been implemented here. The gnome-session part is under development here

Detailed Description

ConsoleKit offers an API for shutting down the system, with the Restart() and Stop() methods. These require different PolicyKit privileges, depending on the number of logged in users.

This api is very simple, but it has a number of problems:

It does not even attempt to inform those other users about the impending shutdown, or give them a chance to save their documents.

It forces the user to do all pre-shutdown preparations (e.g. saving open documents) before initiating the shutdown. This can lead to the user doing a full logout, closing all open apps, etc, only to find out at the end that he doesn't have the necessary privileges to initiate the shutdown.

Similarly, if he decides to cancel the shutdown because other users are still logged in, it is already too late: he own session will proceed to log out after he cancelled the authentication dialog.

It does not allow to block shutdown if an uninterruptible operation is under way, such as a software update or a system backup.

We need a better API, to satisfy the following goals:

Inform the initiator that other users are logged in.

Give all sessions a chance to close in an orderly fashion on Restart/Stop.

Ensure that the initiator has sufficient privileges for the Reboot/Shutdown before starting to log him out of his session.

Allow to inhibit Restart/Stop when uninterruptible operations are under way.

Benefit to Fedora

The multi-user experience of Fedora is improved and Fedora gains a Reboot/Shutdown UI that works with PolicyKit 1.0.

Scope

This feature requires addition of new API in ConsoleKit. gnome-session needs to be patched to use the new API, and needs some UI enhancements for multi-user scenarios.

Some system services may benefit from using the new ConsoleKit inhibit api: DeviceKit-disks, PackageKit, backup apps.

Test Plan

Restart/Stop the system with one or multiple users logged in.
Repeat while a disk is formatted by DeviceKit-disks.
Repeat while updates are being installed by PackageKit.
Verify that the system behaves as expected and respects
PolicyKit configuration.

User Experience

Here is how the user experience should look for a user initiating a reboot:

Click Restart button

Possibly get an auth dialog, depending on PolicyKit configuration

Possibly get an inhibit dialog saying there are some other users logged in, and some apps in my own session inhibit the shutdown. The users will be displayed similarly to the gdm greeter, with their name and photo. The dialog has 'Cancel' and 'Restart anyway' buttons.

Go through those apps and close them

While doing that, the inhibit dialog updates the list of inhibiting applications and logged in users

Wait a little longer for remaining users to log out

After a while, the system restarts

Here is how the user experience should look for a user when a user in another session initiates a reboot:

A dialog pops up, informing the user that the system is about to reboot. The dialog looks similar to the current inhibit dialog, listing the inhibing applications

Go through those apps and save unusaved documents, then proceed to log out

Briefly thereafter, the system restarts

Dependencies

None.

Contingency Plan

Stay with the current approach of making gnome-session work with PolicyKit 1 and the current ConsoleKit api. The user experience will be suboptimal.